The administrator remote authen-fail command enables the account locking function for administrators who fail remote authentication.
The undo administrator remote authen-fail command disables the account locking function for administrators who fail remote authentication.
By default, the account locking function is enabled for administrators who fail remote authentication, the authentication retry interval is 5 minutes, the maximum number of consecutive authentication failures is 30, and the account locking period is 5 minutes.
administrator remote authen-fail retry-interval retry-interval retry-time retry-time block-time block-time
undo administrator remote authen-fail
| Parameter | Description | Value |
|---|---|---|
retry-interval retry-interval |
Specifies the authentication retry interval after a remote authentication failure. |
The value is an integer in the range from 5 to 65535, in minutes. |
retry-time retry-time |
Specifies the maximum number of consecutive authentication failures. |
The value is an integer in the range from 3 to 65535. |
block-time block-time |
Specifies the account locking period. |
The value is an integer in the range from 5 to 65535, in minutes. |
Usage Scenario
To ensure account and password security of administrators, enable the account locking function for administrators who fail remote authentication. If an administrator enters incorrect account and password more than the maximum number of consecutive authentication failures within the given period, the account is locked. After a certain period, the account is unlocked.
Precautions
# Enable the account locking function for administrators who fail remote authentication, and set the authentication retry interval to 5 minutes, maximum number of consecutive authentication failures to 3, and account locking period to 5 minutes.
<HUAWEI> system-view [HUAWEI] aaa [HUAWEI-aaa] administrator remote authen-fail retry-interval 5 retry-time 3 block-time 5